From 57fa143448577b670d8dd0e02b6e4cf31c4a7cff Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Fri, 28 Oct 2016 17:46:31 +0300
Subject: [ci skip] xss_clean() hardening

- percent-sign tag (IE)
- data: URI scheme inclinding whitespace (Chrome)
---
 system/core/Security.php | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

(limited to 'system/core')

diff --git a/system/core/Security.php b/system/core/Security.php
index b9160a252..d0308c5f9 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -133,15 +133,16 @@ class CI_Security {
 	 * @var	array
 	 */
 	protected $_never_allowed_str =	array(
-		'document.cookie'	=> '[removed]',
-		'document.write'	=> '[removed]',
-		'.parentNode'		=> '[removed]',
-		'.innerHTML'		=> '[removed]',
-		'-moz-binding'		=> '[removed]',
-		'<!--'				=> '&lt;!--',
-		'-->'				=> '--&gt;',
-		'<![CDATA['			=> '&lt;![CDATA[',
-		'<comment>'			=> '&lt;comment&gt;'
+		'document.cookie' => '[removed]',
+		'document.write'  => '[removed]',
+		'.parentNode'     => '[removed]',
+		'.innerHTML'      => '[removed]',
+		'-moz-binding'    => '[removed]',
+		'<!--'            => '&lt;!--',
+		'-->'             => '--&gt;',
+		'<![CDATA['       => '&lt;![CDATA[',
+		'<comment>'	  => '&lt;comment&gt;',
+		'<%'              => '&lt;&#37;'
 	);
 
 	/**
@@ -924,7 +925,7 @@ class CI_Security {
 		return str_replace(
 			$match[1],
 			preg_replace(
-				'#href=.*?(?:(?:alert|prompt|confirm)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si',
+				'#href=.*?(?:(?:alert|prompt|confirm)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|d\s*a\s*t\s*a\s*:)#si',
 				'',
 				$this->_filter_attributes($match[1])
 			),
-- 
cgit v1.2.3-24-g4f1b


From a1f830dedc53e31a48c8722ed11e3e645526bdcc Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Fri, 28 Oct 2016 17:59:47 +0300
Subject: [ci skip] Prepare for 3.1.2 release

---
 system/core/CodeIgniter.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'system/core')

diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 32ad61899..a2067fb10 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -55,7 +55,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
  * @var	string
  *
  */
-	const CI_VERSION = '3.1.2-dev';
+	const CI_VERSION = '3.1.2';
 
 /*
  * ------------------------------------------------------
-- 
cgit v1.2.3-24-g4f1b